rpm package
suse/podman&distro=SUSE Linux Enterprise Micro 5.3
pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2989 | — | < 3.4.7-150400.4.6.1 | 3.4.7-150400.4.6.1 | Sep 13, 2022 | An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio | ||
| CVE-2022-27649 | — | < 4.3.1-150400.4.11.1 | 4.3.1-150400.4.11.1 | Apr 4, 2022 | A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack | ||
| CVE-2021-4024 | — | < 4.3.1-150400.4.11.1 | 4.3.1-150400.4.11.1 | Dec 23, 2021 | A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op | ||
| CVE-2021-41190 | — | < 4.3.1-150400.4.11.1 | 4.3.1-150400.4.11.1 | Nov 17, 2021 | The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat | ||
| CVE-2021-20206 | — | < 4.3.1-150400.4.11.1 | 4.3.1-150400.4.11.1 | Mar 26, 2021 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew | ||
| CVE-2021-20199 | — | < 4.3.1-150400.4.11.1 | 4.3.1-150400.4.11.1 | Feb 2, 2021 | Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma |
- CVE-2022-2989Sep 13, 2022affected < 3.4.7-150400.4.6.1fixed 3.4.7-150400.4.6.1
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio
- CVE-2022-27649Apr 4, 2022affected < 4.3.1-150400.4.11.1fixed 4.3.1-150400.4.11.1
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack
- CVE-2021-4024Dec 23, 2021affected < 4.3.1-150400.4.11.1fixed 4.3.1-150400.4.11.1
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op
- CVE-2021-41190Nov 17, 2021affected < 4.3.1-150400.4.11.1fixed 4.3.1-150400.4.11.1
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat
- CVE-2021-20206Mar 26, 2021affected < 4.3.1-150400.4.11.1fixed 4.3.1-150400.4.11.1
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew
- CVE-2021-20199Feb 2, 2021affected < 4.3.1-150400.4.11.1fixed 4.3.1-150400.4.11.1
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma
Page 2 of 2